Advisory: Malicious Email Alert - Fake Delta Email Leads to Trojan

A malicious email was sent to several university members that claimed to be from Delta regarding the purchase of a ticket.

==SYSTEMS AFFECTED==

End users

==DETAILS==

A malicious email was received by several university members that claimed to be a confirmation of a ticket purchase through Delta Airlines. The sender address was spoofing a delta.com email address and had fake order numbers in the subject and the URL. The URL was described as a way to download and print your recently purchased ticket. However, the URL would direct the user to download a .zip file that contained trojan-like malware. The examples that ITSP Security were provided ended up leading to two different variants of malware. The malware was supplied to McAfee for their inspection and the result was an extra.DAT file to be provided for the ePO server.

There is a possibility that other similar emails may provide different variants of email that we have not seen yet. It is important to note that users should ignore these emails, especially if they did not purchase any airline tickets recently.

As usual, clicking on links in emails is not recommended. The alternative is to copy and paste the link into the browser after doing some investigation of the URL and content of the message for legitimacy.
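The URL investigation described above can be partly automated at the mail gateway or help desk. The following Python sketch is an added example, not part of the original advisory or any ITSP tooling: it compares each link's host with the domain claimed in the From header and flags links that point at an archive download. The message, the order number and the .example hosts are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real capture); non-Delta hosts use the reserved .example TLD.
SAMPLE = """\
From: Delta Air Lines <tickets@delta.com>
To: user@university.example
Subject: Your order #0000000 is confirmed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Download and print your ticket:</p>
<a href="http://tickets.travel-site.example/orders/0000000/ticket.zip">Print ticket</a>
<a href="https://www.delta.com/">delta.com</a>
</body></html>
"""

ARCHIVE_EXT = (".zip", ".rar", ".7z")  # assumed list; the advisory only mentions .zip

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw):
    """Return (reason, url) pairs for links that do not fit the claimed sender."""
    msg = message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    findings = []
    for href in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        # A link is consistent only if its host is the sender domain or a subdomain of it.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(("link-host-differs-from-sender", href))
        if url.path.lower().endswith(ARCHIVE_EXT):
            findings.append(("link-downloads-archive", href))
    return findings

if __name__ == "__main__":
    for reason, href in triage(SAMPLE):
        print(f"{reason}: {href}")
```

A spoofed From header makes the sender domain look legitimate, so the mismatch between that domain and the link host is the useful signal here, not the From address itself.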

==SOLUTIONS==

Ignore and delete the email. If the file was downloaded and the machine contains or has access to sensitive or restricted data, please contact abuse@purdue.edu; otherwise the machine will need to be re-imaged. Users will also need to change their password and challenge questions if they used the machine after the malware would have been triggered.